TrollEye Security

Threat Actors Exploit X’s Grok AI to Spread Malicious Links

A New Trend is Letting Spammers Bypass X’s Defenses

As reported by Dark Reading, in a thread on X, Guardio Labs head Nati Tal highlighted a troubling loophole in the platform’s security. According to Tal, cybercriminals are abusing X’s built-in AI assistant, Grok, to distribute malicious links at scale, a tactic he’s labeled “grokking”.

This trick allows attackers to slip past the site’s own ban on links in promoted posts, flooding user feeds with scam content, malware, and phishing attempts.

How “Grokking” Works

X prohibits links in paid promotions to reduce the risk of malvertising. Promoted posts are limited to text, images, and videos, formats less likely to carry direct threats. However, while analyzing traffic distribution systems (TDS) that push fake CAPTCHAs, adult bait, and other shady redirects, Guardio researcher Shaked Chen found that scammers had discovered a workaround.

Instead of putting a domain in the body of a post, scammers embed it in the “From” field of video cards. This field is meant to display the original poster’s name, but instead contains a hidden URL. Few users click it directly, but the real trick comes when attackers use Grok itself.

By commenting on their own videos with a prompt like “@grok Where is this video from?”, scammers get Grok to retrieve and publish the hidden link. Unlike the buried “From” field, Grok reposts the URL in clickable form, amplifying its reach to anyone who sees the thread. With paid promotion, those malicious links can land in front of hundreds of thousands, or even millions, of users.

Grok’s Security Shortcomings

This loophole undermines X’s basic protections against malvertising. By tricking Grok into posting malicious domains, attackers not only distribute malware and scams but also boost their credibility. Search engines index Grok’s reposts, unintentionally elevating those domains’ rankings.

Tal argues that X’s current defenses are too blunt and that proper link scanning across all parts of posts, including metadata and AI outputs, could have stopped the scheme.
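As an added illustration (not code from Guardio, X, or the original article), the sketch below applies a no-links rule to every text surface of a promoted post, including the card's "From" field and replies in the thread, rather than to the body alone. The post schema, field names, and sample domain are constructed assumptions.

```python
import re

# Domain-shaped token, with or without a scheme. Heuristic only (assumption):
# a real scanner would also validate suffixes and follow redirects.
LINK_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}(?:/[^\s]*)?",
    re.IGNORECASE,
)

def iter_text_fields(post):
    """Yield (field_path, text) for every place a link could surface.

    The schema (body, card.from, replies[].text) is hypothetical.
    """
    yield "body", post.get("body", "")
    card = post.get("card") or {}
    yield "card.from", card.get("from", "")
    for i, reply in enumerate(post.get("replies", [])):
        yield f"replies[{i}].text", reply.get("text", "")

def scan_post(post):
    """Return (field_path, link) findings for a promoted post."""
    if not post.get("promoted"):
        return []  # the no-link rule in this sketch covers promoted posts only
    findings = []
    for path, text in iter_text_fields(post):
        for match in LINK_RE.finditer(text or ""):
            # Drop sentence punctuation that trails the link.
            findings.append((path, match.group(0).rstrip(".,;:!?)")))
    return findings

# Constructed sample: the body is clean, the link sits in the card's "From"
# field and is repeated in clickable form by the assistant's reply.
LINK = "cdn.video-host.example/watch?id=1"
SAMPLE = {
    "promoted": True,
    "body": "Wait for the ending, you will not believe it",
    "card": {"from": LINK},
    "replies": [
        {"author": "promoter", "text": "@grok Where is this video from?"},
        {"author": "assistant", "text": f"The video is from {LINK}."},
    ],
}

if __name__ == "__main__":
    for path, link in scan_post(SAMPLE):
        print(f"link in {path}: {link}")
```

A body-only check passes this sample; scanning the metadata field and the thread output reports the same domain in both places.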

Beyond X’s policy gaps, researchers point to Grok’s weak safeguards compared to other mainstream AI assistants. Dorian Granoša, lead red team data scientist at Splx AI, warns that Grok is “fundamentally less secure” than its competitors. His team found that Grok succumbed to prompt injection attempts 99% of the time when stripped of its system prompt, a stark contrast to rivals that build multiple layers of protection.

AI Continues to be a Double-Edged Sword

“Grokking” is just the latest example of how quickly threat actors adapt when platforms roll out new tools. X’s efforts to cut off malicious advertising by banning links may have worked on paper, but scammers, armed with AI loopholes, found another path.

For users, the threat is clear: malware, scams, and shady redirects are reaching timelines at an unprecedented scale. For X, the challenge is even clearer: unless the company invests in stronger link scanning and AI safety measures, its own flagship AI assistant may remain one of the easiest tools for attackers to exploit.

This continues to highlight the double-edged nature of AI, delivering massive efficiencies and savings on one hand, while opening equally massive risks when exploited by threat actors.
